如何将存储过程从富文本框存储/保存到SQL服务器 [英] How to store/save the store procedure from rich text box to SQL server
本文介绍了如何将存储过程从富文本框存储/保存到SQL服务器的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Hi Team,
我有一个存储过程,它是由windows窗体中的c#代码生成的 - 富文本框。如何通过单击一个命令按钮将此存储过程存储在sql服务器中。
我尝试过:
尝试如下......
if(rtbSPQuery.Text!=)
{
string execQuery = rtbSPQuery.Text;
SqlConnection con = new SqlConnection(ProjectConnection.conStr);
尝试
{
con.Open();
SqlCommand comSaveSP = new SqlCommand(exec+ execQuery,con);
comSaveSP.ExecuteNonQuery();
}
catch(Exception ex)
{
MessageBox.Show(ex.Message);
}
最后
{
con.Close();
}
解决方案
我得说这似乎不是一个好主意。如果您的应用被黑客攻击,有人可以在您的数据库中写入存储过程a)擦除所有数据,和/或b)窃取所有数据,和/或将sql server用作垃圾邮件机器人和/或任何其他邪恶行为的数量。
与在SQL中保存任何存储过程的方式相同:发出CREATE PROCEDURE或ALTER PROCEDURE命令并在服务器上执行它。
CREATE PROCEDURE(Transact-SQL) [ ^ ]
Hi Team,
I have store procedure which is generated by c# code in windows forms - richtext box. How can I store this store procedure in sql sever by clicking of one command button.
What I have tried:
Tried as below...
if (rtbSPQuery.Text != "")
{
string execQuery = rtbSPQuery.Text;
SqlConnection con = new SqlConnection(ProjectConnection.conStr);
try
{
con.Open();
SqlCommand comSaveSP = new SqlCommand("exec"+execQuery, con);
comSaveSP.ExecuteNonQuery();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
con.Close();
} 解决方案
I gotta say this doesn't seem like a very good idea. If your app gets hacked, someone could write a stored proc to your database that a) wipes all the data, and/or b) steals all the data, and/or uses the sql server as a spam bot, and/or any other number of evil deeds.
The same way you "save" any stored procedure in SQL: Issue aCREATE PROCEDUREorALTER PROCEDUREcommand and execute it at the server.
CREATE PROCEDURE (Transact-SQL)[^]
这篇关于如何将存储过程从富文本框存储/保存到SQL服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
